CVE-2020-36845
MEDIUM WAF: Medium
CVSS 6.1
Published: 2025-04-20
CWE-601 CWE-601
The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| knowbe4 | security_awareness_training | up to 2020-01-10 |
References
- www.doyler.net (Exploit)